On the basis of how companies see their own security position, the Command Control Cybersecurity Index 2018 paints a rather dismal picture of Industry 4.0. The source of the information was a survey of 300 decision-makers in the area of digital security from manufacturing industry, retail, transport and logistics, and the finance and health sectors. The result: 76% of respondents considered conventional IT security strategies to be inadequate to cope with new threats connected to Industry 4.0. At the same time, 74% are calling for established measures and rules to be applied to potential network risks as quickly as possible across the board, since the more devices that are networked in the industrial IoT, the larger the number of opportunities that will arise for attackers.
61% have already identified a significant weakness in their security strategy: their own employees. Nevertheless, 40% of the respondents fail to forward information about security-related risks to their own personnel. Potential points of attack seem in part to be self-inflicted problems: while 55% forbid the use of certain apps and networks in their compliance guidelines, the rest of the participants in the survey admit to considerable negligence in this area, with the result that they are making things easy for attackers. A study by the Verband für Elektrotechnik, Elektronik und Informationstechnik (German Institute of Electrical and Electronics Engineers (VDE)) has also identified an urgent need for action: according to this, 30% of the companies surveyed entirely fail to train their own employees in the area of IT security and are therefore laying themselves open to attacks on Industry 4.0 structures.